BR2_PACKAGE_GST_PLUGINS_UGL1_PLUGIN_XINGMUX needs to be
BR2_PACKAGE_GST1_PLUGINS_UGLY_PLUGIN_XINGMUX
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d2ada4d7045ba8b23824e10c59bb662c1cfd901c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
MKINSTALLDIRS is not automatically called by autotools when
autoreconfigured.
This leads to the following error during install:
`/bin/sh @MKINSTALLDIRS@ /home/dawncrow/buildroot-test/scripts/instance-0/output/target/usr/share
/bin/sh: 0: Can't open @MKINSTALLDIRS@`
because @MKINSTALLDIRS@ doesn't get substituted during autoreconf.
This particular command only gets invoked when NLS is enabled.
Add patch that explicitly calls AM_MKINSTALLDIRS macro to substitute
every @MKINSTALLDIRS@ occurence in *.in Makefile.
Patch is not sent upstream since upstream is dead.
Fixes:
http://autobuild.buildroot.net/results/744/7447c03426556f787f20f7ab2d36f0cacc4af1bd/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 00b733a39b0fe3902c96f6734c4f82c310cffc26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit 197b5f9d1c23 ("package/binutils: fix loops relaxation in
xtensa gas") changed the way loop opcodes are relaxed resulting in build
failures in hand-made assembly code that has loops in sections without
.literal_position pseudo op or equivalent construct. This e.g. breaks
xtensa linux kernel build.
Fix that by adding literal position to the beginning of every section.
Fixes: 197b5f9d1c23 ("package/binutils: fix loops relaxation in xtensa
gas")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de1d1577d727d41bf26eca46e6f4c659062aa105)
[Peter: drop 2.32 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 900982313786d3537417f18251732ab7dca95553)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of issues discovered post-2.1.2. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.3
Drop 002-configure.ac-switch-default-ESAPI-crypto-backend-to-.patch as this
issue is now fixed upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 097ce6b3a83ac4c4e89d61ef439caee1a1368f32)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This moves the BR2_PACKAGE_LINUX_FIRMWARE_TI_CC2560 option to the
Bluetooth section of the config file. This chip is Bluetooth-only, so
it belongs there instead of with the Wi-Fi/Bluetooth combo chips.
Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0edbbe548f56367ead0feb354c27c0a0d42778e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit f93596d8ba82354efb545fe91449627e6c896ce1, systemd is
enabled on arc however systemd-bootchart is not available on this
architecture so add a BR2_PACKAGE_SYSTEMD_BOOTCHART_ARCH_SUPPORTS from
the information retrieved in src/architecture.h
Fixes:
- http://autobuild.buildroot.org/results/84fb51212abf99faa2b7a46b8c44c42a3ca1201c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9c3089c8a7fdd0e39a990ba6bb8de48e06682863)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a bug where cJSON_Minify could overflow it's buffer, both reading
and writing: https://github.com/DaveGamble/cJSON/issues/338.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a45a3997d8ee0aa592c6a64ce300ee727ad7dc54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of post-1.3 fixes. For details, see the announcement:
http://lists.xiph.org/pipermail/opus/2019-April/004318.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b594e6a1b7af7a5e46d599579523953a3af75726)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Update hash of COPYING (update in year:
bb693862a3)
- Include a Security bugfix released in version 5.48: Fixed requesting
client certificate when specified as a global option.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f69da705de8661d5d45cf4ad89cfa01538d3e01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/28a466b98f813edb6402686cc4706766e73e1ff3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6e6dc1b322337cc35f5675dcab4bdba4c2beaa1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch enables the inclusion of the Pi's overlays. Previously
the overlays were not included in the genimage configuration.
This patch ensures overlays are included in the sdcard (when
enabled) by defaulting to the inclusion of an empty
output/images/rpi-firmware/overlays directory in genimage cfg.
The Pi's overlays are built with the following config
variables:
BR2_PACKAGE_RPI_FIRMWARE=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTBS=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS=y
BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y
BR2_LINUX_KERNEL_IMAGE_NAME="Image"
BR2_LINUX_KERNEL_IMAGE_TARGET_NAME="Image modules dtbs"
After building, the dtbo files are present in the
output/images/rpi-firmware/overlays directory but not added
to the sdcard because they are missing from the genimage cfg
file.
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: fix indentation, and add comment explaining why an empty
directory is created.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 51d6d6c580432435f2b2f95ed35e22a5ecbe9dcb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A patch was added to the Linux kernel in 5.1.0-rc3 which adds a
requirement that the host build environment include pkg-config. Add the
correct host-pkgconf dependency and environment variables to ensure
Linux picks up the correct libraries.
Move the existing LINUX_MAKE_ENV assignment earlier, to simplify the
append-assignment in the libelf conditional block.
Fixes: #11761
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stuart Summers <stuart.summers@intel.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: extend commit message as suggested by Yann]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 615e2edc2ae8351519448d1965f0c4eec4e793b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/8f6fdbf8a21967363b737bc771252bcded4278a9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit db430c67a263e5986d08bca520ba210a9a71c4c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix static build on sparc v8 (even if there is no autobuilder failures
yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 98eb10b1385a1142c4e57226707376a076641840)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
thrift uses pkg-config to find openssl dependencies such as lz or
latomic so drop unneeded workaround. This was a leftover from the very
first integration of thrift 0.9.1 in 2013.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8b84b9016238cb28f71bebb7438c3c57e7fb7725)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't pass --with-openssl option to force softether to use pkg-config
(see autotools/ax_check_openssl.m4).
pkg-config will find openssl dependencies such as lz or latomic
Fix static build on sparc v8 (even if there is no autobuilder failures
yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5472d80405b7edd61ad0eec3a6b2f45e8dd8f8e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d1455b91f88a33ab96cf356ca3ded86a0e196cb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 056e963119ce6d553d2383b863d5e68f923c6922)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/eba8d344446b0db6327c0588c456c14594984f76
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ff5504b4daea7e3979980a61b62dcd3c68f0eb30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to retrieve openssl dependencies such as lz or latomic
Fixes:
- http://autobuild.buildroot.org/results/9bf69f238a63ea28690f7c0dbb8c30feb0afc5ad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c49482604eb8381e7a4a316f2e1dbba178adbacb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
Notable regressions in sscanf and pthread_key_create introduced in 1.1.21
have also been fixed, along with various other bugs and minor conformance
issues.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 66976dff9677d8a080da5abad0c79914f3bd0a09)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d28897da5ebe6063377d748003f983be7c2a13a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 736f344755b67cf2a116cfda3abd0b04e1a9b7f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
json option has been removed in version 0.9.7 with
06987a24ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2bbe9c41c69176d09863c356e307de2d9ed5cb94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Instead of README.md, use LICENSE file that has been added in version
0.9.5 with
4d534a60ee
- Add hash of license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d86eb0c8b4be9f68cbd9ac17edc39b909a6427ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-8785: FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based
Buffer Overflow in function zgfx_decompress() that results in a memory
corruption and probably even a remote code execution.
- CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer
Truncation that leads to a Heap-Based Buffer Overflow in function
update_read_bitmap_update() and results in a memory corruption and
probably even a remote code execution.
- CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer
Overflow that leads to a Heap-Based Buffer Overflow in function
gdi_Bitmap_Decompress() and results in a memory corruption and probably
even a remote code execution.
- CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an
Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that
results in a memory corruption and possibly even a remote code execution.
- CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several
Out-Of-Bounds Reads in the NTLM Authentication module that results in a
Denial of Service (segfault).
For details, see the upstream PR:
https://github.com/FreeRDP/FreeRDP/pull/5031
Add support to set tls security level (for openssl >= 1.1.0), for RDP
protocol version 10 (needed for windows 10 and windows server
2016). Also have some fix and features, see
e21b72c95f
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e91d89bf1fd8d1a7b4ad18b61925dc5c2631f21)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Add COPYING to license files as it gives useful info on license
- Add "Public Domain" to XZ_LICENSE (see COPYING)
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dc9b97ab6cf0a3ee57b25fa6cb88dcbc70393ac9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sync builtins ops are strictly required by perf utility as it uses
atomic_xxx() functions.
Otherwise building fails like that:
|.../output/host/opt/ext-toolchain/bin/../lib/gcc/arc-snps-linux-uclibc/8.2.1/../../../../arc-snps-linux-uclibc/bin/ld:
|.../output/build/linux-5.0.7/tools/perf/libperf.a(libperf-in.o): in function `atomic_cmpxchg':
|.../output/build/linux-5.0.7/tools/include/asm-generic/atomic-gcc.h:69: undefined reference to `__sync_val_compare_and_swap_4'
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Thomas: drop Config.in comment]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d5edfa6eef6a0e0b124b894be4ce5da4f14c4af7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some kernel-selftests are using modprobe options (-n) that are not available
from busybox's modprobe, so make sure that BR2_PACKAGE_KMOD_TOOLS is selected.
[linux-4.19 selftests]$ git grep tput
drivers/gpu/drm_mm.sh:if ! /sbin/modprobe -n -q test-drm_mm; then
drivers/usb/usbip/usbip_test.sh:if ! /sbin/modprobe -q -n usbip_host; then
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c301405c3483fabda21911006986d235296fd12d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some kernel-selftests are using tput program, so make sure that
BR2_PACKAGE_NCURSES_TARGET_PROGS is selected.
[linux-4.19 selftests]$ git grep tput
[...]
futex/run.sh:tput setf 7 || tput setaf 7
futex/run.sh: tput sgr0
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 633e5121f851b3a89121138ec8aafdb7338ce9de)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
syslog-ng may segfault at startup (during library initialization, before
reaching main) in newer toolchains. I have witnessed it on aarch64 (but with
32-bit arm userland) with glibc 2.28.
Problem is described in syslog-ng issue #2263 [1], which in turn leads to a
problem in 'ivykis' which is shipped with syslog-ng, see ivykis issue #15
[2].
Root cause is that 'pthread_atfork' is used by ivykis but searched by its
configure script in libpthread_nonshared only. In newer toolchains, it seems
this symbol is in libc_nonshared.
Apply a patch someone proposed via pullrequest [3] to the ivykis project,
but which is at this moment not yet merged upstream.
[1] https://github.com/balabit/syslog-ng/issues/2263
[2] https://github.com/buytenh/ivykis/issues/15
[3] https://github.com/buytenh/ivykis/pull/16
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1467eaa6bb951fafb0c1f3320a06635922f24ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The year was updated.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf6615d801e72c286f84adb3d64231b2646b6326)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also remove upstream patch 0033.
Fixes the following security issues:
- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains
characters that decompose under IDNA encoding (NFKC-normalization) into
characters that affect how the URL is parsed.
- bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The
cert parser did not handle CRL distribution points with empty DP or URI
correctly. A malicious or buggy certificate can result into segfault.
Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of
Cisco.
- bpo-35121: Don’t send cookies of domain A without Domain attribute to
domain B when domain A is a suffix match of domain B while using a
cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by
Karthikeyan Singaravelan.
For more details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-3-final
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6afc83b60f0a1d129c2ea691e7d298303eaa9dda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-3870:
During the provision of a new Active Directory DC, some files in the private/
directory are created world-writable.
https://www.samba.org/samba/security/CVE-2019-3870.html
- CVE-2019-3880:
Authenticated users with write permission can trigger a symlink traversal to
write or detect files outside the Samba share.
https://www.samba.org/samba/security/CVE-2019-3880.html
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.6.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8a662ae308586e60ae65114750a014b52b5969e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2019-3835, CVE-2019-3838: A specially crafted PostScript file
could use these flaws to have access to the file system outside of the
constrains imposed by -dSAFER.
Drop upstream patches.
Use the make subst function to compute the download site from version.
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10a6ea5a305015b6cf7b13591e2e56ba4b75a932)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
